﻿using Link_eLab.JwtAuthorizePolicy.Enum;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;

namespace Link_eLab.JwtAuthorizePolicy.Extension
{
    /// <summary>
    /// JwtToken
    /// </summary>
    public class JwtToken
    {
        #region 获取基于JWT的Token

        /// <summary>
        /// 获取基于JWT的Token
        /// </summary>
        /// <param name="claims"></param>
        /// <param name="permissionRequirement"></param>
        /// <param name="clientType">1.token   2 refreshToken</param>
        /// <returns>JSON结果集</returns>
        public static dynamic BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement, AuthClientType clientType)
        {
            double expiresIn = 2 * 60 * 60 * 1000;
            var refreshTokenExpiresIn = clientType switch
            {
                // SAAS后台 设置成8小时
                AuthClientType.SaasPlatForm => 8 * 60 * 60 * 1000,
                // 小程序 设置成7天,用于小程序客户端之类的,能确保一周永久在线
                AuthClientType.ToCWehcatApp => 7 * 24 * 60 * 60 * 1000,
                //case AuthClientType.ToBApp:
                //    refreshTokenExpiresIn = 7 * 24 * 60 * 60 * 1000;
                //    break;
                _ => 7 * 24 * 60 * 60 * 1000,
            };
            int expiresDay = 360;
            var now = DateTime.Now;
            var jwt_token = new JwtSecurityToken(
                issuer: permissionRequirement.Issuer,
                audience: permissionRequirement.Audience,
                claims: claims,
                notBefore: now,
                //expires: now.Add(TimeSpan.FromMilliseconds(expiresIn)),
                expires: now.Add(TimeSpan.FromDays(expiresDay)),
                signingCredentials: permissionRequirement.SigningCredentials
            );

            // 用于refresh使用的Jwt
            var jwt_refreshtoken = new JwtSecurityToken(
                issuer: permissionRequirement.Issuer,
                audience: permissionRequirement.Audience,
                claims: claims,
                notBefore: now,
                //expires: now.Add(TimeSpan.FromMilliseconds(refreshTokenExpiresIn)),
                expires: now.Add(TimeSpan.FromDays(expiresDay)),
                signingCredentials: permissionRequirement.SigningCredentials
            );

            var encodedJwt_Token = new JwtSecurityTokenHandler().WriteToken(jwt_token);
            var encodedJwt_RefreshToken = new JwtSecurityTokenHandler().WriteToken(jwt_refreshtoken);

            var responseTokenJson = new
            {
                access_token = encodedJwt_Token,
                //expires = now.Add(TimeSpan.FromMilliseconds(expiresIn)),
                expires = now.Add(TimeSpan.FromDays(expiresDay)),
                expires_in = expiresIn,
                token_type = "Bearer",
                refresh_access_token = new
                {
                    refresh_token = encodedJwt_RefreshToken,
                    //expires = now.Add(TimeSpan.FromMilliseconds(refreshTokenExpiresIn)),
                    expires = now.Add(TimeSpan.FromDays(expiresDay)),
                    expires_in = refreshTokenExpiresIn
                }
            };

            return responseTokenJson;
        }

        #endregion

    }
}